[Openstack] Keystone External Authentication clarification
Remo Mattei
remo at italy1.com
Tue Jan 21 15:37:11 UTC 2014
Keystone has the opportunity to work as an SSO there was a project on that and does have a plugin for LDAP not sure if this is something you are looking for. Also not sure if the SSO is on hold or still under dev.
Remo
Inviato da iPhone ()
> Il giorno Jan 21, 2014, alle ore 5:58, Joe Topjian <joe at topjian.net> ha scritto:
>
> Hello,
>
> One of the new features advertised in the Havana release of Keystone was external authentication via REMOTE_USER. I'm beginning to assume that I should take that at face value: Keystone has external auth, but that's it. OpenStack as a whole cannot currently utilize it.
>
> Is this an incorrect assumption?
>
> For example, I set up Keystone behind Apache just like the developer docs say. Everything worked.
>
> Now I wanted to test external authentication. Just for practice, I tried http basic auth. I was successful in obtaining a token:
>
> curl --user joe:foobar -d '{"auth":{}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens
>
> But I don't think it's possible to use the command line tools (nova, glance et al) to work with a single token. I also don't see how Horizon can utilize an http-auth protected Keystone without modification.
>
> Am I wrong? If so, can someone point me to, at least, a proof of concept if not a production example?
>
> Is it correct to say that if I want Keystone to authenticate users against an unsupported/custom database while still retaining compatibility with all other OpenStack components, then I should write a custom backend such as described here:
>
> https://thestaticvoid.com/post/2013/06/04/customizing-the-openstack-keystone-authentication-backend/
>
>
> Thanks,
> Joe
> !DSPAM:1,52de8124286791426485421!
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,52de8124286791426485421!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140121/4fae8a02/attachment.html>
More information about the Openstack
mailing list